Cyber attackers prey on chaos. It’s cowardly and unfair, but it’s true. Imagine being a leader at a healthcare organization given today’s challenges. In the midst of combatting a global health crisis, dealing with economic distress, and attempting to curb the systemic social disparities intertwined in both of those, your organization is also a constant target for cybersecurity threats.
And with the technological advances of medical devices and our obsession with internet-connected tools, these healthcare breaches legitimately threaten lives.
The number of healthcare breaches has only grown recently amid the aforementioned distractions. These chaotic circumstances give cyber attackers a perfect avenue to cause harm.
We’re here to help where we can.
Partnering with CCI Systems, we’re bringing you a series of blogs to 1) shed light on the issues that most commonly cause healthcare breaches, and 2) provide mitigation recommendations to limit the chances of a breach at your organization.
In this series we’ll discuss five common attack vectors and missteps that cause healthcare breaches:
- Phishing attacks
- Publicly accessible logon systems with single-factor authentication
- Poor password hygiene
- Unpatched systems
- Misconfigurations
Phishing Attacks
Phishing attacks have been around for a very long time. They’re still used abundantly, especially in healthcare breaches, simply because they work.
Many of us know what phishing attacks are. These emails rely on psychology and urgency to dupe people into clicking malicious links, downloading malicious files, etc.
And there are many variations involving spoofed websites, texting campaigns, scam phone calls, and more.
Ultimately, the goal is to trick the end user into giving up access or credentials that can then be used to cause further damage organization-wide.
Publicly Accessible Logon Systems with Single-Factor Authentication
As you know, logging in is how you access the platforms you need to do your job. But if those systems exist on the internet, they can be accessed by anyone with the right credentials.
This concern is even greater when that access point requires only a single form of authentication: just a username and password, with no additional, secondary method of proving the user is who they say they are (multi-factor authentication, or MFA).
With a publicly accessible logon system with single-factor authentication, an attacker simply needs to guess your credentials to unlock a whole lot of sensitive information.
You can see where this is problematic with healthcare organizations. Think of all the types of data physicians collect and what it could mean if that database was accessed or stolen.
Poor Password Hygiene
Speaking of credentials, the fundamental practice of good password hygiene is surprisingly often overlooked, especially among healthcare organizations.
Default, weak, shared, and reused passwords make an attacker’s job a lot easier.
But passwords are tough to create well, remember, and maintain, especially given the sheer number of systems and accounts we need to log in to today.
Together with CCI, we will cover the tools, methods, and trainings to combat these challenges. Many breached organizations didn’t know about them, didn’t prioritize them, or both.
Unpatched Systems
You know those annoying update notifications that derail your workday progress?
Those updates are typically pushed to systems and programs by the developers, often to address known vulnerabilities and bugs.
If you put them off, you may be leaving open a weakness that has likely already been exploited or has the potential to be.
Yet in many healthcare breaches or compromises, we see a common thread: systems and programs running old, exploitable versions.
Misconfigurations
Simply put, a configuration is a setup.
Often in security, this refers to setting up things like networks, systems, programs, and permission sets.
When things are not set up, integrated, and locked down properly, the result is often an open door for attackers to stroll through. For healthcare organizations, this includes networks and programs with tons of personally identifiable information on or in them, internet-connected medical devices, and more.
It is clear how misconfigurations can cause serious compromise within healthcare organizations.
The Rest of the Series
Each ensuing post will break down these five categories. We’ll discuss in further detail what the attack vector is, what specifically attackers do within that vector to achieve compromises or healthcare breaches, and some examples of those attacks and stories within the healthcare industry.
They will be complemented by a CCI post explaining how to avoid being compromised using that vector: how to protect yourself and mitigate the risk of falling into the same trap.
We hope that in conjunction, we can bring you tangible knowledge and advice that you can take back to your healthcare organization to limit its vulnerabilities moving forward.
—
If you have questions, or need assistance with preventing incidents at your healthcare organization, please don’t hesitate to reach out to us at frsecure.com.